> >Currently, FreeRADIUS runs very well with WPA access points, > >the only requirement is the PMK (Pairwise Master Key) transmission > >from the AAA to the Authenticator which is performed with > >a "keying" method such as TTLS or of course TLS. > >This is transmitted via an Accept response. > > Aha! I've never heard of the PMK. How do we know we are > transmitting it? Is there a FreeRADIUS setting or something to add?
if you have some EAP method that uses keys (TLS/TTLS not EAP-MD5) working between your AP & freeRadius, then you are already getting the PMK from the server. Its sent as one of two Microsoft vendor specific attributes (MPPE-SEND-KEY and MPPE-RECV-KEY) in the Attach Accept. With dynamic WEP keys the AP creates a random session key and sends it to the client in an EAPOL-Key message. With WPA/TKIP the AP starts the TKIP handshake at this point, at the end of which both client and AP have the session and broadcast keys. So there is nothing more you need to do (AFAIK) on freeRadius when you change from dynamic WEP to WPA/TKIP. It all happens between the AP and the supplicant! Puneet _______________________________________________ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
